EC2 Audit

Checks performed

• EC2 Instance Snapshots Should Not Be Public
• Long Running Instances Should Be Re-launched
• EC2 AMIs Should Not Be Public
• EC2 AMIs Should Be Encrypted
• EC2 Instances Should Not Reach vCPU Limit
• Blacklisted AMIs Should Not Be Used
• Default VPC Should Not Be In Use
• Security Groups Should Have Descriptions
• AMI Age Should Not Exceed the Configured Age
• EC2 Instance Should Be of Desired Type
• Detailed Monitoring for EC2 Instances Should Be Enabled
• EC2 Classic Should Not Be Used
• Scheduled Events for EC2 Instances
• EC2 Instances With Multiple Security Groups
• Termination Protection Should Be Enabled
• Unrestricted Netbios Access Should Not Be Allowed
• Unrestricted Outbound Access Should Not Be Allowed
• EC2 IAM Roles Should Be Used
• Restrict data-tier subnet connectivity to VPC NAT Gateway
• Unrestricted CIFS Access Should Not Be Allowed
• Unrestricted ICMP Access Should Not Be Allowed
• Unrestricted Inbound Access on All Uncommon Ports Should Not Be Allowed
• Unrestricted MongoDB Access Should Not Be Allowed
• Unrestricted MsSQL Access Should Not Be Allowed
• Unrestricted MySQL Access Should Not Be Allowed
• Unrestricted Oracle Access Should Not Be Allowed
• Security Group Port Range
• Unrestricted PostgreSQL Access Should Not Be Allowed
• Unrestricted RDP Access Should Not Be Allowed
• Unrestricted RPC Access Should Not Be Allowed
• Unrestricted SMTP Access Should Not Be Allowed
• Default Security Group Should Not Allow Unrestricted Public Traffic
• Unrestricted Telnet Access Should Not Be Allowed
• Unrestricted SSH Access Should Not Be Allowed
• Unrestricted Elasticsearch Access Should Not Be Allowed
• Unrestricted FTP Access Should Not Be Allowed
• EC2 Reserved Instances Should Not Have Payment Failed
• EC2 Reserved Instances Should Not Have Payment Pending
• EC2 Reserved Instances Recent Purchases Should Be Reviewed
• EC2-Classic Elastic IP Address Limit Should Not Be Reached
• EC2-VPC Elastic IP Address Limit Should Not Be Reached
• AWS EC2 Hibernation Should Be Enabled
• Instance Should Be Launched In Auto Scaling Group
• Reserved Instance Lease Expiration In The Next 30 Days
• Reserved Instance Lease Expiration In The Next 7 Days
• Security Group Excessive Counts
• Security Group Name Prefixed With launch-wizard Should Not Be Used
• EC2 Instance Count Should Not Exceed the Limit
• EC2 Instances Should Use Latest Generation
• Security Group Rules Counts
• Security Groups Should Not Allow Inbound Traffic From RFC 1918
• Unassociated Elastic IP Addresses Should Be Removed
• EC2 Instance Should Not Be In Public Subnet
• Unrestricted DNS Access Should Not Be Allowed
• Unrestricted HTTP Access Should Not Be Allowed
• Unrestricted HTTPS Access Should Not Be Allowed
• EC2 Instances Should Not Have Blacklisted Instance Types
• Unused Elastic Network Interfaces Should Be Removed
• Unused AMIs Should Be Removed
• Unused AWS EC2 Key Pairs Should Be Removed
• Reserved Instances Should Not Be Unused
• EC2 Instances Should Not Be Overutilized
• EC2 Instances Should Not Be Idle
• EC2 Instances Should Not Be Underutilized
• EC2 Instance Tenancy